Tracking Browser Fingerprints in Google Analytics or Other Tools
Over the past 4-5 months or so, I’ve been watching SnowPlow Analytics develop into a sexy analytics platform. They’ve been sharing innovative ideas to make their platform as powerful as possible. Anyhow, something in particular caught my attention - track browser fingerprints in SnowPlow - and so, I decided to track this in Google Analytics.
WTH is a browser fingerprint?
Using information available from your browser configuration (through JavaScript and sometimes through Flash), we can get all sorts of interesting information, such as your user agent, fonts, browser plugins and other settings. There is so much information about your configuration that, when combined, creates a fingerprint that is unique to your browser (or in theory that’s how it works).
Panopticlick has a brilliant demonstration of this on their website.
Test your browser’s uniqueness on Panopticlick’s website.
What can it be used for?
While “privacy advocates” would scream bloody murder over browser fingerprinting, there isn’t much reason for concern. Because, what can you do with a fingerprint? Not a hell of a lot but here are a few possible uses:
- Tracking sessions that traverse multiple domains/properties/brands (where cross domain tracking is not setup or is not an ideal solution)
- Stitching sessions together where a user may have deleted their cookies or opened an incognito window
OK, so maybe the last one is a bit iffy as far as privacy concerns go, but as far as uses for browser fingerprints, there’s not a whole lot to them. Unless they’re placed in the right (or wrong, for that matter) hands, of course.
Note that when your browser upgrades or gets a new plugin, your fingerprint also changes.
How to do it
Well dear reader, look no further than Carlo’s jQuery browser fingerprinting script and Joseph Myer’s MD5 algorithm on Github. Combining these tools allows you to generate a fingerprint and develop a hash of it.
Simply chuck the hash of the fingerprint into a GA custom variable slot and boom! You’ll have a unique ID for your visitors (or round abouts).
Read on if you’d like to install it on your own site.
Requirements
- jQuery installed
- Google Analytics’ asynchronous tracking
Installation guide
I recommend that you checkout the Gits of Carlo’s Browser Fingerprinting and Joseph Myer’s MD5 hashing script. I understand you may not be willing to spend the time grabbing the scripts and combining them into a single file and whatnot. I too hate combining lots of JS files into one.
If you’d rather not whack the scripts together yourself, follow these steps:
1. Upload browser-fingerprint.js to the root of your site
2. Add the following code before you Google Analytics script but after your jQuery script
<script type="text/javascript" src="/browser-fingerprint.js"></script>
3. Modify your Google Analytics script to include the following line before _trackPageview() (updating the custom variable slot as you need):
_gaq.push(['_setCustomVar',1,'fingerprint',window.md5(_rawFp()),1]);
… your Analytics script should roughly resemble the following (along with any other customisations you have):
<script type="text/javascript"> </script>
4. Find your fingerprints in your Google Analytics’ custom variables report.
That wasn’t hard now, was it?
Notes
You can increase the uniqueness of your fingerprints by opting including fonts as provided by goodwink on Github. Your mileage may vary depending on the volume of traffic etc. Here is an example of the fingerprint that the script above will generate:
My Chome Browser
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11###1024x1280x32###-660###true###true###Shockwave Flash::Shockwave Flash 11.5 r31::application/x-shockwave-flash~swf,application/futuresplash~spl;Chrome Remote Desktop Viewer::This plugin allows you to securely access other computers that have been shared with you. To use this plugin you must first install the Chrome Remote Desktop webapp.::application/vnd.chromium.remoting-viewer~;Native Client::::application/x-nacl~nexe;Chrome PDF Viewer::::application/pdf~pdf,application/x-google-chrome-print-preview-pdf~pdf;Adobe Acrobat::Adobe PDF Plug-In For Firefox and Netscape 10.1.1::application/pdf~pdf,application/vnd.adobe.pdfxml~pdfxml,application/vnd.adobe.x-mars~mars,application/vnd.fdf~fdf,application/vnd.adobe.xfdf~xfdf,application/vnd.adobe.xdp+xml~xdp,application/vnd.adobe.xfd+xml~xfd;Java Deployment Toolkit 6.0.260.3::NPRuntime Script Plug-in Library for Java(TM) Deploy::application/java-deployment-toolkit~;Java(TM) Platform SE 6 U26::Next Generation Java Plug-in 1.6.0_26 for Mozilla browsers::application/x-java-applet~,application/x-java-bean~,application/x-java-vm~,application/x-java-applet;version=1.1.1~,application/x-java-bean;version=1.1.1~,application/x-java-applet;version=1.1~,application/x-java-bean;version=1.1~,application/x-java-applet;version=1.2~,application/x-java-bean;version=1.2~,application/x-java-applet;version=1.1.3~,application/x-java-bean;version=1.1.3~,application/x-java-applet;version=1.1.2~,application/x-java-bean;version=1.1.2~,application/x-java-applet;version=1.3~,application/x-java-bean;version=1.3~,application/x-java-applet;version=1.2.2~,application/x-java-bean;version=1.2.2~,application/x-java-applet;version=1.2.1~,application/x-java-bean;version=1.2.1~,application/x-java-applet;version=1.3.1~,application/x-java-bean;version=1.3.1~,application/x-java-applet;version=1.4~,application/x-java-bean;version=1.4~,application/x-java-applet;version=1.4.1~,application/x-java-bean;version=1.4.1~,application/x-java-applet;version=1.4.2~,application/x-java-bean;version=1.4.2~,application/x-java-applet;version=1.5~,application/x-java-bean;version=1.5~,application/x-java-applet;version=1.6~,application/x-java-bean;version=1.6~,application/x-java-applet;jpi-version=1.6.0_26~,application/x-java-bean;jpi-version=1.6.0_26~,application/x-java-vm-npruntime~;2007 Microsoft Office system::Office Plugin for Netscape Navigator::application/x-msoffice12~*;QuickTime Plug-in 7.7::The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.::application/sdp~sdp,application/x-sdp~sdp,application/x-rtsp~rtsp,rts,video/quicktime~mov,qt,mqv,video/flc~flc,fli,cel,audio/x-wav~wav,bwf,audio/wav~wav,bwf;QuickTime Plug-in 7.7::The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.::audio/aiff~aiff,aif,aifc,cdda,audio/x-aiff~aiff,aif,aifc,cdda,audio/basic~au,snd,ulw,audio/mid~mid,midi,smf,kar,audio/x-midi~mid,midi,smf,kar,audio/midi~mid,midi,smf,kar,audio/vnd.qcelp~qcp;QuickTime Plug-in 7.7::The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.::audio/x-gsm~gsm,audio/amr~AMR,audio/aac~aac,adts,audio/x-aac~aac,adts,audio/x-caf~caf,audio/ac3~ac3,audio/x-ac3~ac3,video/x-mpeg~mpeg,mpg,m1s,m1v,m1a,m75,m15,mp2,mpm,mpv,mpa;QuickTime Plug-in 7.7::The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.::video/mpeg~mpeg,mpg,m1s,m1v,m1a,m75,m15,mp2,mpm,mpv,mpa,audio/mpeg~mpeg,mpg,m1s,m1a,mp2,mpm,mpa,m2a,audio/x-mpeg~mpeg,mpg,m1s,m1a,mp2,mpm,mpa,m2a,video/3gpp~3gp,3gpp;QuickTime Plug-in 7.7::The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.::audio/3gpp~3gp,3gpp,video/3gpp2~3g2,3gp2,audio/3gpp2~3g2,3gp2,video/sd-video~sdv,application/x-mpeg~amc,video/mp4~mp4,audio/mp4~mp4,audio/x-m4a~m4a,audio/x-m4p~m4p,audio/x-m4b~m4b;QuickTime Plug-in 7.7::The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.::video/x-m4v~m4v,image/x-macpaint~pntg,pnt,mac,image/pict~pict,pic,pct,image/x-pict~pict,pic,pct,image/x-quicktime~qtif,qti,image/x-sgi~sgi,rgb,image/x-targa~targa,tga,image/jp2~jp2;QuickTime Plug-in 7.7::The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.::image/jpeg2000~jp2,image/jpeg2000-image~jp2,image/x-jpeg2000-image~jp2;Microsoft Office 2010::Office Authorization plug-in for NPAPI browsers::application/x-msoffice14~*;Microsoft Office 2010::The plug-in allows you to open and edit files using Microsoft Office applications::application/x-sharepoint~;Google Update::Google Update::application/x-vnd.google.update3webcontrol.3~,application/x-vnd.google.oneclickctrl.9~;Shockwave for Director::Adobe Shockwave for Director Netscape plug-in, version 11.6.1.629::application/x-director~dir,dxr,dcr;Silverlight Plug-In::4.1.10329.0::application/x-silverlight~scr,application/x-silverlight-2~"
My Firefox Browser
"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:20.0) Gecko/20121201 Firefox/20.0###1024x1280x24###-660###true###true###Microsoft Office 2010::Office Authorization plug-in for NPAPI browsers::application/x-msoffice14~*"
If you’re relatively technical, be sure to checkout SnowPlow Analytics for a full featured open source analytics platform.
Is this method of tracking overly creepy?
Let me know in the comments below.
Nice!!!
A great solutions for websites without CRM’s (if Universal Analytics will launch in a few weeks).
Not multi-device, but a great tracking option for desktop users & commerce (still ’bout +90% of traffic?)
Will integrate it and have a run with it.
this is just amazing! you could track each and every user what they did on your site over time. This is a user based multi-channel funnel.
Just bookmarked this post. I will be back.
Thanks, Dries and Menachem.
Keep in mind that browser footprints do change often (every upgrade, plugin installed or screen res change will affect the footprint). Two unique IDs such as GA’s own visitor ID alongside this would be more robust. Of course if you can get someone to login, you can stamp them with their unique ID as well. Here’s an awesome topic on Stack Exchange about fingerprinting:
http://programmers.stackexchange.com/questions/122372/is-browser-fingerprinting-a-viable-technique-for-identifying-anonymous-users
@Dries - multi-device depends on which country and the type of site. Believe it or not, in Australia we have 57% smartphone penetration as opposed to 38% penetration in the US, so mobile traffic typically comprises ~20-30% of site traffic. For countries with lower penetration, I’d imagine it to be closer to the 90% you cited - interesting to note though.